redline | a2b01d257df890db77a2518349638a46e30a02eb4304fe24ee46221ccc30b91d | Triage

Submit
Reports

Overview

overview

Static

static

3

cdad0022f1...16.exe

windows7-x64

cdad0022f1...16.exe

windows10-2004-x64

Sharing

General

Target

a2b01d257df890db77a2518349638a46e30a02eb4304fe24ee46221ccc30b91d
Size

161KB
Sample

241109-ytb5zs1dqn
MD5

2367a1f87a4423e08b42c7943e2f9ce1
SHA1

007953c2b0c1439b387f31d77746a82ef3031172
SHA256

a2b01d257df890db77a2518349638a46e30a02eb4304fe24ee46221ccc30b91d
SHA512

31fa4db52e05ebce3619b7382572707b952f708400646b6ed052b90d234ba67262a2b0649c0e337070590193767d47168745dd5c78cbe399291278b63730a133
SSDEEP

3072:ZZi5YqGc2UpeVT9f5QCPEDRxxiiw8NyDXwS0h5u25YB0f8Vp4WrLN:zi5YqGeOT9f5Q9DPy8g7q5u25Y60p4WN

Score

10^/10

redline pub3 discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cdad0022f17eb4230de562bf70835ed58b26afa96c8cfa470a4ba541b5a4d816.exe

Resource

win7-20240903-en

redline pub3 discovery infostealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

cdad0022f17eb4230de562bf70835ed58b26afa96c8cfa470a4ba541b5a4d816.exe

Resource

win10v2004-20241007-en

redline pub3 discovery infostealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

pub3

C2

89.22.231.25:45245

Attributes

auth_value
ffd0fd0d5630c2c573c643bde2ed50b3

Targets

- Target
  
  cdad0022f17eb4230de562bf70835ed58b26afa96c8cfa470a4ba541b5a4d816
- Size
  
  355KB
- MD5
  
  a4c70d54ba1052681f251618d9d9fc1f
- SHA1
  
  bf4e172a65f5271d5c60c3219f36bb15d0d2f585
- SHA256
  
  cdad0022f17eb4230de562bf70835ed58b26afa96c8cfa470a4ba541b5a4d816
- SHA512
  
  6f7865419dab62b3c44a8f530eb2e62932bb807f8cad8d023f318d4207d5aac81cf6a14905b5bfa2d7f1c694bb94722b98798ba905cbef968ce6ef3edbdf81d6
- SSDEEP
  
  6144:xco+Nypp0QGxJ1ryIj7AOqs4xxgI2Zf5Znns1Jl:F+Nypp0QEp7cs4xxgpNs1J
Score

10^/10

redline pub3 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepub3discoveryinfostealer

behavioral2

redlinepub3discoveryinfostealer

© 2018-2024

Terms | Privacy